The Official CHFI Study Guide (Exam 312-49)

for Computer Hacking Forensic Investigator


  • Dave Kleiman, International Association of Counter Terrorism and Security Professionals, International Society of Forensic Computer Examiners, Secure Member and Sector Chief for Information Technology at The FBI's InfraGard, FL, USA.

This is the official CHFI (Computer Hacking Forensics Investigator) study guide for professionals studying for the forensics exams and for professionals needing the skills to identify an intruder's footprints and properly gather the necessary evidence to prosecute. The EC-Council offers certification for ethical hacking and computer forensics. Their ethical hacker exam has become very popular as an industry gauge, and we expect the forensics exam to follow suit. Material is presented in a logical learning sequence: each section builds upon previous sections and each chapter on previous chapters. All concepts, simple and complex, are defined and explained when they appear for the first time. This book includes:

  • Exam objectives covered in a chapter, clearly explained at the beginning of the chapter
  • Notes and Alerts, which highlight crucial points
  • Exam’s Eye View, which emphasizes the important points from the exam’s perspective
  • Key Terms, which present definitions of key terms used in the chapter
  • Review Questions, which contain questions modeled after real exam questions based on the material covered in the chapter. Answers to the questions are presented with explanations.

Also included is a full practice exam modeled after the real exam.


Police and law enforcement personnel, military personnel, security professionals, systems administrators, legal professionals, banking, insurance, IT managers or people studying for the CHFI certification.


Book information

  • Published: November 2007
  • Imprint: SYNGRESS
  • ISBN: 978-1-59749-197-6

Table of Contents

Computer Forensics in Today's World
Law And Computer Forensics
Computer Investigation Process
Computer Security Incident Response Team
Computer Forensic Laboratory Requirements
Understanding File systems and Hard disks
Windows Forensics
Linux and Macintosh Boot processes
Linux Forensics
Data Acquisition and Duplication
Recovering Deleted Files
Image Files Forensics
Computer Forensic Tools
Application password crackers
Investigating Logs
Investigating network traffic
Router Forensics
Investigating Web Attacks
Tracking E-mails and Investigating E-mail crimes
Mobile and PDA Forensics
Investigating Trademark and Copyright
Investigative Reports
Becoming an Expert Witness
Forensics in action